Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
The dsdb_find_dn_by_guid() and dsdb_find_sid_by_dn() are using by
the DRS server call getncchanges on objects that may be deleted.
|
|
|
|
|
|
This adds a function which performs the check for the supported forest and
domain function levels. On an unsuccessful result a textual error message can
be created (parameter "errmsg" != NULL) which gives hints for the user to help
him fixing the issue.
|
|
|
|
When a partition is first created it still needs a uSNHighest value
|
|
These are used to load/save the per-partition uSN values managed by
the repl_meta_data module
|
|
If we already have a repsFrom for a particular DC and naming context
then we should not overwrite it, as it contains info on what
replication we've already done
|
|
The parameters "lmNewHash" and/or "ntNewHash" could be NULL and when we perform
write operations on them (look below in the code) we could get SIGSEGVs!
|
|
|
|
|
|
This will be used by the linked_attribute module
|
|
This came from the linked_attributes module, but now the
repl_meta_data module needs the same functionality, so move it to a
common routine.
|
|
one-line wrapper)
|
|
|
|
Guenther
|
|
Guenther
|
|
|
|
|
|
This bit actually means that we should ignore the minimum password
length field for this user. It doesn't mean that the password should
be seen as empty
|
|
|
|
consistency with Samba 3.
|
|
client code.
|
|
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
o=`echo $s | cut -d ':' -f1`
n=`echo $s | cut -d ':' -f2`
r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
for f in $files; do
cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
mv $f.tmp $f
done
done
metze
|
|
Guenther
|
|
Guenther
|
|
make them wrappers around convert_string{,talloc}_convenience().
|
|
remove some unused functions.
|
|
I'm very glad we have such a comprehensive testsuite for the SAMR
password change process, as it makes this a much easier task to get
right.
Andrew Bartlett
|
|
This uses a virtual attribute 'clearTextPassword' (name chosen to
match references in MS-SAMR) that contains the length-limited blob
containing an allegidly UTF16 password. This ensures we do no
validation or filtering of the password before we get a chance to MD4
it. We can then do the required munging into UTF8, and in future
implement the rules Microsoft has provided us with for invalid inputs.
All layers in the process now deal with the strings as length-limited
inputs, incluing the krb5 string2key calls.
This commit also includes a small change to samdb_result_passwords()
to ensure that LM passwords are not returned to the application logic
if LM authentication is disabled.
The objectClass module has been modified to allow the
clearTextPassword attribute to pass down the stack.
Andrew Bartlett
|
|
|
|
|
|
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
|
|
(This used to be commit 36f727c4a73ffc8634692b0c5645343cb414de93)
|
|
(This used to be commit 731d9e569a474da27014737e0805ae712366357d)
|
|
instead of version 2 (win2k3).
This makes the NET-API-BECOME-DC test work against windows 2003 and 2008.
Michael
(This used to be commit a7bfa1fb1bc6fb8e412990b7ff4c3ce9bc55099d)
|
|
This attribute is used in a very similar way (virtual attribute
updating the password) in AD on Win2003, so eliminate the difference.
This should not cause a problem for on-disk passwords, as by default
we do not store the plaintext at all.
Andrew Bartlett
(This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
|
|
Michael
(This used to be commit 3b0917dbc5399dc6835b523d762b244bdcf45b79)
|
|
(This used to be commit 3b8eec7ca334528cad3cdcd5e3fc5ee555d8d0e0)
|
|
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
|
|
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
|
|
(This used to be commit 9a1466abbd4115f4a57d794006aca29aa0184ced)
|
|
Andrew Bartlett
(This used to be commit bc607c334ff86624b891886a6f874da2bcff113e)
|
|
This change removes a dependency on objectclass=domainDNS, and avoids
a subtree search when we really know exactly where this record is.
Andrew Bartlett
(This used to be commit 52947fc0c019e57438a21e54953601b6cc08eb49)
|
|
This reworks quite a few parts of our provision system to use
CN=NETBIOSNAME as the domain for member servers.
This makes it clear that these domains are not in the DNS structure,
while complying with our own schema (found by OpenLDAP's schema
validation).
Andrew Bartlett
(This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
|
|
(This used to be commit d28f2cb678b334086f601505c88e56b9c1ee559d)
|
|
Windows uses 2 different values to indicate an account doesn't expire: 0 and
9223372036854775807 (0x7FFFFFFFFFFFFFFFULL).
This function looks up the value of the accountExpires attribute and if the
value is either value indicating the account doesn't expire,
0x7FFFFFFFFFFFFFFFULL is returned.
This simplifies the tests for account expiration. There is no need to check
elsewhere in the code for both values, therefore a simple greater-than
expression can be used.
(This used to be commit 7ce5575a3a40cca4a45ec179a153f7e909065a87)
|
|
(This used to be commit 2b408e9ed4caf14e1ac047fd76127a5c979e5177)
|